VDB

CVE-2022-28352

CVE-2022-28352 PUBLISHED CVSS 4.3 MEDIUM

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.

EPSS 0.14% · 33.0th percentile

Risk Scores

CVSS v3.1: 4.3
Vector: CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:R
EPSS Score: 0.14% (33.0th percentile)

Affected Products

Vendor | Product | Versions
n/a | n/a | n/a
weechat | weechat | 3.2

Timeline

  • Apr 2, 2022 CVE Published
  • Apr 3, 2022 EPSS Score
  • May 24, 2022 EPSS Score
  • Jul 13, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 23, 2022 EPSS Score
  • Dec 13, 2022 EPSS Score
  • Feb 1, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 24, 2023 EPSS Score
  • May 13, 2023 EPSS Score
  • Jul 3, 2023 EPSS Score